
Thursday’s
explosive story by Bloomberg reveals detailed allegations that the Chinese
military embedded tiny chips into servers, which made their way into data
centers operated by dozens of major U.S. companies.

We covered
the story earlier, including denials by Apple, Amazon and Supermicro — the
server maker that was reportedly targeted by the Chinese government. Apple
didn’t respond to a request for comment. Amazon said in a blog post that it
“employs stringent security standards across our supply chain.” The FBI did not
return a request for comment but declined to comment to Bloomberg, and the Office of the
Director of National Intelligence declined to comment. This is a complex story
that rests on more than a dozen anonymous sources — many of whom are sharing
classified or highly sensitive information, making on-the-record comments
impossible without repercussions. Despite the companies’ denials, Bloomberg is
putting its faith in the reader to trust the reporting.

Much of the
story can be summed up with this one line from a former U.S. official:
“Attacking Supermicro motherboards is like attacking Windows. It’s like
attacking the whole world.”

It’s a fair
point. Supermicro is one of the biggest tech companies you’ve probably never
heard of. It’s a computing supergiant based in San Jose, Calif., with
manufacturing operations across the world — including China, where it builds
most of its motherboards. Those motherboards trickle throughout the rest of the
world’s tech — and were used in Amazon’s data center servers that power its
Amazon Web Services cloud and Apple’s iCloud.

One
government official speaking to Bloomberg said China’s goal was “long-term
access to high-value corporate secrets and sensitive government networks,”
which fits into the playbook of China’s long-running effort to steal
intellectual property.

“No consumer
data is known to have been stolen,” said Bloomberg.

Infiltrating
Supermicro, if true, will have a long-lasting ripple effect on the wider tech
industry and how its companies approach their own supply chains. Make no mistake —
introducing any kind of external tech in your data center isn’t taken lightly
by any tech company. Fear of corporate and state-sponsored espionage has been
rife for years. It’s chief among the reasons why the U.S. and Australia have
effectively banned some Chinese telecom giants — like ZTE — from operating on
their networks.

Having a key
part of your manufacturing process infiltrated — effectively hacked — puts
every believed-to-be-secure supply chain into question.

For nearly
every consumer electronics device or automobile, manufacturers have to procure
different parts and components from various sources across the globe. Ensuring
the integrity of each component is near impossible. But because so many
components are sourced from or assembled in China, it’s far easier for Beijing
than any other country to infiltrate without anyone noticing.

The big question
now is how to secure the supply chain?

Companies
have long seen supply chain threats as a major risk factor. Apple and Amazon
are down more than 1 percent in early Thursday trading and Supermicro is down
more than 35 percent (at the time of writing) following the news. But companies
are acutely aware that pulling out of China will cost them more. Labor and
assembly are far cheaper in China, and specialist parts and specific components
often can’t be found elsewhere.

Instead,
locking down the existing supply chain is the only viable option.

Security
giant CrowdStrike recently found that the vast majority — nine out of 10
companies — have suffered a software supply chain attack, where a supplier or
part manufacturer was hit by ransomware, resulting in a shutdown of operations.

But
protecting the hardware supply chain is a different task altogether — not least
for the logistical challenge.

Several
companies have already identified the risk of manufacturing attacks and taken
steps to mitigate. BlackBerry was one of the first companies to introduce root
of trust in its phones — a security feature that cryptographically signs the
components in each device, effectively preventing the device’s hardware from
being tampered with. Google’s new Titan security key tries to prevent manufacturing-level
attacks by baking in the encryption in the hardware chips before the key is
assembled.

Albeit a
start, it’s not a one-size-fits-all solution. Former NSA hacker Jake Williams,
founder of Rendition Infosec, said that even those hardware security
mitigations may not have been enough to protect against the Chinese if the
implanted chips had direct memory access.

“They can
modify memory directly after the secure boot process is finished,” he told The
Media.

Some have
even pointed to blockchain as a possible solution. By cryptographically signing
— like in root of trust — each step of the manufacturing process, blockchain
can be used to track goods, chips and components throughout the chain.

Instead,
manufacturers often have to act reactively and deal with threats as they
emerge.

According to
Bloomberg, “since the implanted chips were designed to ping anonymous computers
on the internet for further instructions, operatives could hack those computers
to identify others who’d been affected.”

Williams
said that the report highlights the need for network security monitoring.
“While your average organization lacks the resources to discover a hardware
implant (such as those discovered to be used by the [Chinese government]), they
can see evidence of attackers on the network,” he said.

“It’s
important to remember that the malicious chip isn’t magic — to be useful, it
must still communicate with a remote server to receive commands and exfiltrate
data,” he said. “This is where investigators will be able to discover a
compromise.”

The
intelligence community is said to be still investigating after it first
detected the Chinese spying effort, some three years after it first opened a
probe. The investigation is believed to be classified — and no U.S. intelligence
officials have yet talked on the record — even to assuage fears.
